PSVR2010: I’m sure I added some users to that SharePoint group?

I’ve been working on a recent case – and there have been some in the past that were very similar – where a customer had added users to a custom SharePoint group, then later found those same users were gone!  We had an idea what could trigger it but this time we managed to nail the root cause and will be requesting a fix from the product group.  But first a quick recap of how Project Server and SharePoint permissions play together – and it isn’t always nicely… Project Server will control the membership of its own SharePoint groups and also the individual permissions at project site level.  Project Server groups can be identified by the name – such as Project Managers Group (Microsoft Project Server).  Project uses these groups to give permission to the /PWA site – then for the individual project sites for each project the permissions are set for each user, and the permission level that user has is a Project Server one (such as Team Member (Microsoft Project Server).  Worth remembering that permission levels are not the same as groups.  Whenever Project needs to synchronize users, which could be after an Active Directory Sync, the editing of a category or group – or the editing of an individual user – then the process is that we remove everyone from the Project groups and directly on the sites then put back the people who should be there.  We don’t look to see who was there – we remove EVERYONE. So if you have added someone directly to a site, or added them to a Project managed SharePoint group, then unless they have a right to be there based on permissions and group/category membership they will be removed and not put back when a sync occurs.  It is nothing personal – we don’t even look to see who they are. The exception to this is the use of custom SharePoint groups – or basically a new SharePoint group that Project Server isn’t interested in.  If you add a new SharePoint group, and put users into it (regardless of whether they are in Project or not) then they will not be touched when a sync occurs.  Worth pointing out that this can give them access to sites – but unless they are in Project Server too they will not be able to get to /PWA. And now on to the bug… In some cases we were seeing that users would be removed from groups that we should not have been touching.  These were always Project Server users who had been added manually to another custom SharePoint group.  Closer examination of what was happening in the background showed that they were not just being removed from the group – but were actually being removed from the site – and so they would be taken out of all groups within that site too! Following an earlier hunch (Thanks ProjectHosts!)  that this was related to some specific Project Sites we were able to identify that the condition was triggered if a project site had been deleted but still existed in the list of sites on the PWA, Server Settings, Project Sites page.  Once we had an in-house repro it wasn’t difficult to trace the flow in debug and see what was going on.  The issue was that with the non-existent site our code was falling back to the top level – and because it was a top level it was then taking a path that removed the user from the site rather than just the web.  At the Project level this didn’t matter – as we would be putting them back again anyway – but we wouldn’t be putting them back in to any custom SharePoint groups, as we were not even aware that we had dropped them.  One slight variation that can trigger the same problem is for sites that do actually exist but the site starts with a space – so something like “https://server/PWA/ Site”.  Not sure how a site like this can actually get created – possibly it was migrated from 2007 – as the UI tend to stop you doing anything like this.  The workaround is pretty simple – use the Server Settings, Project Sites page, and the Delete Site option for any sites that really don’t exist – or if the leading space is the issue just correct the URL so the site and reference to the site don’t have this leading space.  As mentioned earlier we have a fix request in progress but unlikely to see this before the February 2013 Cumulative Update. If you have lots of sites then it might be tedious to click each one to see if it exists, so a couple of ways to detect the issue.  Firstly for the deleted sites a query against the published and content databases will help: Select PROJ_NAME from ProjectServer_Published.dbo.MSP_PROJECTS Where WPROJ_ISSUE_LIST_NAME NOT in (Select tp_ID from WSS_Content.dbo.AllLists where tp_DeleteTransactionId = (0x)) Or if like me you would prefer to stay away from the databases then the ULS logs give a clue if you know what to look for.  Turn Project Server, Administration to Verbose and you will see plenty of lines like the following as Project Server goes through the sites – filter for EventID of 8sv7 to get rid of noise: PWA:https://Server/PWA, ServiceApp:Project Server Service Application, User:i:0#.w|domainuser, PSI: UpdateSingleUserMembershipForWssSite: updating user i:0#.w|domainsyncuser. Project Uid – https://server/PWA/Sitename, workspace – a2496ce2-1d47-41d7-b4b5-39c4d7d0d970 However, one of these lines will not show the full URL to the project site but will stop at PWA, such as: PWA:https://Server/PWA, ServiceApp:Project Server Service Application, User:i:0#.w|domainuser, PSI: UpdateSingleUserMembershipForWssSite: updating user i:0#.w|domainsyncuser. Project Uid – https://Server/PWA, workspace – 0d8259d2-ed93-4508-b442-22f0ec3d3d7f You’ve probably noticed that we have the Projec Uid and workspace transposed, but the GUID after the word workspace will actually be the Project UID of the project causing the issue.  You can identify this by querying the database such as: Select ProjectName from MSP_EpmProject where ProjectUid = ‘0d8259d2-ed93-4508-b442-22f0ec3d3d7f’   Once you know the name then check out the site in Project Sites and either delete or correct the URL and all will be good.  A quick way to search the logs would be to use your PWA URL and search for “Project Uid – https://Server/PWA ,”.  For the adventurous amongst you who may have started troubleshooting and tried tracing the SQL I’ll mention a couple of the stored procedures you may have come across – just so the search engines might also find you the solution – we normally use proc_SecRemoveUserFromSiteGroupByLogin to remove the users from the Project groups, and proc_SecRemoveUserFromScopeByLogin to remove them from a web – but seeing proc_SecRemoveUserFromSite might be an indication that you are running in to this issue (although it would be normal, but not so usual, if the Project site also happened to be a top level site). This is probably also an issue with 2007 too, but happy to say that 2013 doesn’t appear to suffer from this same problem.  In 2013 we can also run purely with SharePoint permissions and without the project groups and categories – or you can use the familiar groups and categories.  Take a look at the permission articles under the Technical Reference at https://technet.microsoft.com/en-us/library/cc197638(v=office.15).aspx . One final point – another common request is that permissions should be given to Project sites based on a users RBS – in the same way that permissions to Projects themselves can be assigned.  Unfortunately this isn’t possible and isn’t something we will be changing with 2010. Thanks to Rob Cason for being my memory on a similar case from summer 2011, and thanks to my SharePoint colleague Daneil Aguiar for excellent troubleshooting that got us moving in the right direction.

New Office 2013 compatibility content for IT Pros in the Office Resource Kit

There is exciting news coming from the Office IT Pro Blog about great new Office 2013 content. Be sure to view the article below from the Office IT Pro Blog or read the original post here . Written by Jill_M [MSFT]   We’ve published a new Visio poster and article about compatibility and telemetry in Office 2013. These are both good starting points for IT Pros who want a high-level view without diving into too much detail. The  Visio poster  (also available in PDF format) describes how telemetry works in Office 2013. You can learn about the telemetry components, the types of files and solutions that are monitored, the monitoring process, and more. The new  Office 2013 compatibility guide  describes the modern Office compatibility process and how Office telemetry supports this process. You’ll learn about topics like discovery vs. inventory, the importance of working with business groups, and how to conduct user acceptance testing using Click-to-Run, to name a few. As always, we welcome your feedback and we encourage you to  check for new  and updated content weekly . -Jill

Announcing MOSDAL 4.6 – The Microsoft Online Services Diagnostic and Logging Support Toolkit

Audience: Office 365 for professionals and small businesses Office 365 for enterprises   With the release of the Microsoft Online Services Diagnostics and Logging Support Toolkit 4.6 , we introduce a number of exciting new features and improve the user experience yet again so both users (information workers) and administrators can collect the right data, for the right problem.  In this release, we made an effort to make the tool and its output, more user friendly.  Not only did we make improvements to the UI to help guide users through the data collection process, we made many of the reports that MOSDAL generates more readable.  Please read below for additional details on all the improvements MOSDAL 4.6 has to offer: User Interface Changes – Added information to help users collect the right data, as well as understand what data MOSDAL is collecting. New Languages – MOSDAL is now offered in Russian and Korean languages. Smaller download – MOSDAL will only download .NET 4.0 and Windows Installer 3.0 if they are not present on the system.  This reduces the size of the installation package by more than half. Exchange ActiveSync diagnostics – In addition to testing the Exchange Autodiscover process, MOSDAL now also performs ActiveSync connectivity tests.  The tests are run sequentially, and the results are now viewable in a web format that is similar to https://www.testexchangeconnectivity.com. Compatibility with Microsoft Office 2013 and Microsoft Office Click-To-Run – MOSDAL is now aware of and will collect data for Outlook 2013 and Lync 2013.  In addition, if you installed Office 2013 through Click-To-Run, MOSDAL will collect additional data to help troubleshoot Click-to-Run installation and activation issues. Compatibility with Microsoft Windows 8, Windows Server 2012 and .NET 4.5 – MOSDAL will now run without issues on Microsoft Windows 8, Windows Server 2012 and on systems with .NET 4.5 installed. WebDAV ETL component logging for SharePoint Online – Logs are collected by MOSDAL to help troubleshoot issues WebDAV connections to SharePoint Online. Directory Synchronization, Domains/DNS and Exchange Hybrid Configuration reports in XML – Many of the reports generated by MOSDAL are now in XML format to make them easier to read and easier to create automated diagnostics to help identify issues quicker. Windows Network Trace logging – Network tracing utilizes the Event Tracing for Windows (ETW) framework available in Windows. Network components (such as Winsock, TCP/IP, NDIS, packet-capture, and so on) register as ETW trace providers and emit events related to network activity. Any recordable activity of significance can be an event logged to ETW. Tracing for these network components and packet captures can be enabled using the netsh trace context which acts as an ETW controller.  For more information, see     https://msdn.microsoft.com/en-us/library/windows/desktop/dd569137(v=vs.85).aspx . Resources Here are some resources to get started with MOSDAL 4.6: Download MOSDAL 4.6 and the available training MOSDAL Knowledge Base article Here are some additional resources where you can see the tool in action: Exchange Online: 2555008 How to troubleshoot free/busy issues when you use Exchange Federation in the Microsoft Office 365 for enterprises environment 2581088 How to troubleshoot issues that prevent you from viewing other clients’ free/busy information in Office Outlook 2007 and in Outlook 2010 in an Office 365 environment VIDEO :  Troubleshooting Issues with Free/Busy Information in Office Outlook Clients for Office 365 Lync Online: 2566790 Automatic sign-in, domain federation, and other features do not work as expected in Lync Online when you use a custom domain in Office 365Automatic sign-in, domain federation, and other features do not work as expected in Lync Online when you use a custom domain in Office 365 2541980  How to troubleshoot authentication and connectivity issues in Lync Online 2392146  Instant messages to federated Lync contacts fail VIDEO :  Troubleshooting Sign-In Issues in Lync Online for Office 365 VIDEO :  Troubleshooting Instant Message Failures to Federated Contcacts in Lync Online for Office 365 VIDEO :  Troubleshooting “Cannot Connect to the Server” error when using Lync Mobile for Office 365 Office 365 Suite: 2515404 Troubleshoot domain verification issues in Office 365 2621267 How to view and verify CNAME records, MX records, TXT records and SRV records in Office 365 VIDEO :  Troubleshooting Domain Verification Errors in Office 365 Identity federation/Single Sign On: 2598459 How to use the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit to diagnose identity federation issues in Office 365 2433327  How to use MOSDAL to enable tracing for the Microsoft Online Services Sign-in Assistant to troubleshoot rich client authentication issues VIDEO :  How to Use MOSDAL to Diagnose Identity Federation Issues in Office 365 Directory Synchronization (Co-Existence): 2643629 Individual Active Directory Domain Services objects do not synchronize to Office 365 2647098 Duplicate or invalid attributes prevent Office 365 directory synchronization VIDEO :  Troubleshooting Duplicate or Invalid User Attributes that Prevent Directory Synchronization in Office 365 SharePoint Online: 2629108  How to use the “Open with Explorer” command and how to troubleshoot issues with this option in SharePoint Online for Office 365 Visit the  MOSDAL wiki page for more information.

Recent content about the new Project, Project Online, Project Professional, Project Server

Following recent webcasts, sessions and articles during the past month about The new Microsoft Project please find key content I’ve noticed. If I’ve missed any please let me know and I will gladly add to this list. In the meantime happy reading and watching! TechEd Australia (video): Microsoft Project Online Overview MPUG (video): Overview of the new Microsoft Project, plus QA with Senior Microsoft Product Manager Projects At Work (article): Tool Shop: Microsoft Project 2013 TechRepublic (article): Microsoft Project Professional 2013 new features preview Project Blog: Tasks Integration with Exchange Timelines Everywhere: See and share your work with ease in SharePoint and PWA Get Started with Project Web App SharePoint Tasks List plus Project – Better Together Adding SharePoint task lists to PWA an a lot more to come so please subscribe to the RSS feed !!!! Office Next blog: Click-to-Run and Office on Demand (good read to understand the new Project Pro for Office 365 service) SharePoint blog: Keep Your Team in Sync with Site Mailboxes Other blogs from MVPs, experts, product fans: EPMSource (Alex Burton’s blog, Project MVP) SharePoint (and Project Server Shenanigans) Nenad Trajkovski (Project MVP)

Office 365 – Newly Released Outlook Updates Provide Password Expiration Notifications

The Microsoft Outlook team has released updates for Outlook 2010 and Outlook 2007 that provide Office 365 users with advance password expiration notifications. These notifications will be displayed in a pop-up message (near the system clock) within a certain time period before the password actually expires. The tenant administrator can configure the amount of time before password expiration that the notifications appear. For users whose passwords have already expired, Outlook will display an error message when users try to connect to their mailbox. In both scenarios, Outlook also provides a link (URL) to update passwords via the browser. When users click on those links, they are taken to the Microsoft Online Portal to change or update their passwords.   For more information about this issue, as well as links to the updates for Outlook 2010 and Outlook 2007, see the  Password Expiration Notifications in Outlook. This wiki article also contains videos to show the new user experience when the updates are applied.

New VBA classes and members in Project Professional 2013 Preview

The What’s new for developers in the new Project desktop (besides task pane apps) article is available in the Office Developer Blog . The VBA and VSTO object model includes includes classes that support new reports with charts, tables, and Office Art. Other new members in the Project object model support the new task paths feature, cache status, and working with tasks lists in SharePoint 2013.

Project 2013 Preview SDK and related resources

The Project 2013 Preview SDK download is published. The conceptual, how-to, and reference documentation in the download closely matches the Project 2013 developer documentation online content published on MSDN. In addition, the download also contains: Ten complete code solutions, including two task pane apps for Project, six client-side object model (CSOM) solutions, and two solutions for querying the ProjectData service for reporting. DLLs and a license for redistribution of the three Project Server CSOM assemblies, JavaScript files for the CSOM, and the Microsoft.Office.Project.Server.Library assembly. Note: Project CSOM solutions also require the redistributable DLLs for the SharePoint 2013 CSOM, which are at SharePoint Server 2013 Client Components SDK . Intellisense files for the PSI and CSOM, source code for creating a PSI proxy assembly, and instructions on how to update the PSI proxy files. XML schemas for the Project client, AppProvisioning, and the Statusing PSI. The top-level online landing page for the Project SDK is Project for developers ( https://msdn.microsoft.com/project ). For additional Project-related SDK content, see Office for developers ( https://msdn.microsoft.com/office ), SharePoint for developers ( https://msdn.microsoft.com/sharepoint ), and Build apps for Office and SharePoint ( https://msdn.microsoft.com/office/apps/ ). The two articles on Task pane apps for Project are in the Apps for Office and SharePoint SDK , and the JavaScript API for Office reference includes information specific for Project, the ProjectDocument object with eleven methods and three events, and four enumerations for Project. The downloads for those SDKs will be published soon. Want to try it out? Sign up for the Project Online Preview with Project Pro for Office 365 Download Project Professional 2013 Preview & Project Server 2013 Preview

Project Server 2010: Duplicated Outlook tasks after Exchange Sync–June CU

Thought it worth explaining some of the intricacies of the June 2012 Cumulative Update packages, especially for those of you waiting for the fix for the Exchange Sync issue where you see duplicated tasks in Outlook, or are having problems with editing categories in PWA if you have renamed projects in your archive.  Maicco e-mailed asking about the Exchange fix – and thanks for bringing this to my attention.  These two fixes were delivered in the June Cumulative Update cycle, but were not in the ‘default’ Project Server only package https://support.microsoft.com/kb/2598375 , but had their own hotfix – https://support.microsoft.com/kb/2598376 . Issues that this hotfix package fixes Consider the following scenario: You create a user account in Project Web Access (PWA), and you enable Exchange Synchronization for the user account. You create a new plan that contains many tasks in Project 2010. You assign the user account to all the tasks. You save and then publish the plan in Project Server 2010. You log on to the mailbox of the user account that you created to see whether the task list is synchronized. In this scenario, duplicate tasks are created in the task list in Microsoft Outlook. You cannot edit security categories that contain more than 1000 projects when one or more projects in the security categories are archived and then renamed. Just to add to the confusion this hotfix doesn’t explicitly say that it includes the 2598375 fixes – but it does.  The reason for the split is that these two fixes needed some globalization changes – which you can see from the full description (Description of the Project Server 2010 hotfix package (Pjsrvwfe-x-none.msp, Pjsrvmui-x-none.msp): June 26, 2012) where MUI is Multilingual User Interface.  The file list also lists all of the language files. The complete Project Server 2010 June 2012 Cumulative Update package – https://support.microsoft.com/kb/2598355 – does include everything, and the KB does list both of the KB’s mentioned above.  This hopefully clarifies things and explains what the two KBs listed in the full package article are all about. Thanks again Maicco, and in future I’ll keep my eye out for these split CU packages and we will add more details to the notification mail (and I’ll also add an update to the current posting).

Project Server 2010: From August 2012 Cumulative Update onwards–you will also need to load SP1

If you haven’t already of course… Some early warning here to allow you to plan for any August 2012 or post August 2012 Cumulative Updates.  For SharePoint Server 2010, and Project Server 2010 and the rest of the Office 2010 family you will need to have loaded Service Pack 1 (SP1) before you can install the Cumulative Update.  This means really loading SP1 – not just relying on the fact that ‘almost all’ of SP1 has been included in patches since June 2011.  If you remember we went through a similar stage with 2007 – and one of the most notable things is that the patch will shrink down to a much smaller size (The June 2012 roll-up patch was over 1.2GB!).  I haven’t had a chance to try it out – but I suspect the error message if you haven’t loaded SP1 will be something along the lines of “There are no products affected by this package installed on this system” or “ The expected version of the product was not found on the system” – I’ll update once I get a chance to test. The reason behind this change is to do with our product support lifecycle (see Microsoft Support Lifecycle ) and the fact that we have reached what we term the end-of-life (or service pack support end date) for the original release of the 2010 Office family – which is around one year after release of Service Pack 1.  For most customers you could see this first with the August 2012 Cumulative update – which will be something like build 14.0.6124.5000 – or potentially before if there are any special releases before that release (and after the June CU)  – which would be something like 14.0.6123.5003.  Other customers who do not necessarily load all cumulative updates may run into this much later, as it will be the ongoing requirement for future Cumulative Updates until the next service pack support end date – approximately one year after SP2 (and no – I do not know when SP2 will be coming along – before you ask!). Excellent references for Service Pack 1 can be found at the new-look Project blog –  Announcing Service Pack 1 for Microsoft Project & Project Server 2010 , for the initial announcement,   Announcing The Release Of Service Pack 1 (SP1) for Microsoft Project and Project Server 2010 for the release notification and particularly the TechNet article at https://technet.microsoft.com/en-us/library/hh272536.aspx – Deploy Service Pack 1 for Project Server 2010.  And finally – to find out if you already have SP1 installed I’d suggest going to Control Panel, Programs, Programs and Features, Installed Updates – and you should see it listed there – Microsoft SharePoint and Project Server 2010 Service Pack 1 (SP1) https://support.microsoft.com/kb/2460047 .

Project and Project Server June 2012 Cumulative Update

The June CU is out for Project and Project Server – and we have the full details posted at https://blogs.technet.com/b/projectadministration/archive/2012/06/29/microsoft-project-server-and-sharepoint-server-2007-and-2010-june-2012-cu-announcement.aspx .  Thanks Rob for the information. A couple of quick points worth mentioning: We have a delay on the roll-up package for 2010 – so if you usually use the roll-up and need to test Project Server fixes you can do this with the individual package until we get the rebuild – hopefully later this week. On the 2007 side the June CU for Project Server does include the fix for the Reporting Publish issue I wrote about at https://blogs.msdn.com/b/brismith/archive/2012/05/23/project-server-2007-reporting-project-publish-queue-job-fails-to-complete.aspx – so if you have been suffering with that one your wait is over.  Sorry for the inconvenience that I know this issue caused many of our customers. Final point – and a frequently asked question – what is the difference between a hotfix and a cumulative update?  In reality nothing – for Office and SharePoint the Cumulative Update is really just a hotfix released on a defined timetable – every other month, around the last Tuesday of the month.  The KB article will always describe it as a hotfix – and it generally does not mention the term Cumulative Update.  The TechNet Update Center is a great place to go for all information on the updates – https://technet.microsoft.com/en-us/office/ee748587.aspx .  There is an RSS feed too!